Veracode Vulnerability DatabaseVERACODE:44260Information Disclosure
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
20.6%
moodle/moodle is vulnerable to Information Disclosure. The vulnerability exists because the user information are not properly restricted which allows an attacker to gain access to sensitive information such as usernames.
References
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78820
bugzilla.redhat.com/show_bug.cgi?id=2243444
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78820
github.com/advisories/GHSA-26fg-v32r-h663
github.com/moodle/moodle/commit/17d208e98b667e155ab7638dfa722d2f28842a21
github.com/moodle/moodle/commit/1ae0262730b56e6ea4d88e32f56eb8fad0629a4f
github.com/moodle/moodle/commit/1eda3a392bc023ad9794a9789e0207ac95c995de
github.com/moodle/moodle/commit/c22b94aea7f467d95b720ea5339154a3ca431a5d
github.com/moodle/moodle/commit/f0b20505d917f9c3bccb80ad577cc3a8eb3b1168
moodle.org/mod/forum/discuss.php?d=451586
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
20.6%